A cyber attack that compromised a third-party software vendor’s systems rattled the United States government this week which resulted in data breaches at a number of federal agencies, including the Department of Commerce, the Department of Energy and the Department of Homeland Security’s cyber unit.
But many of the biggest companies in the country have also been put on alert by the attack on SolarWinds, a company that hardly a household name prior to the incident.
Software containing the vulnerability that allowed the hackers to penetrate the Commerce Department could be running in the systems of as many as 18,000 of its customers — out of a total of 300,000, SolarWinds said in an investor filing this week.
Suspected Russian-linked hackers were behind the cyber attack, US officials have claimed.
Services to more than 425 companies in the US Fortune 500 is provided by SolarWinds, according to information on a page from the company’s website, which has been taken down by the company but can still be seen on the Wayback Machine internet archive.
Cisco, AT&, Microsoft, Comcast and McDonald’s, as well as financial giants Visa and Mastercard are among the US companies that are listed on the webpage of the company.
Investigations are currently being conducted on the issue by many of these companies, according to reports. New reports also quoted at least two companies saying that they have been affected to some degree by the breach.
Cisco had “identified and mitigated affected software in a small number of lab environments and a limited number of employee endpoints”, a spokesperson of the company told the media on Friday. “At this time, there is no known impact to Cisco offers or products,” the spokesperson said. “We continue to investigate all aspects of this evolving situation with the highest priority.”
Acknowledge of being affected by the hack was also made publicly by Microsoft.
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed,” a Microsoft spokesperson said in a statement. There were however no evidence of its services or customer data being accessed by third party hackers, the company had added. “Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.”
More than 40 of its customers across eight countries were running the software, affected by the breach. in their systems, Microsoft disclosed in a blog post on Thursday. The company’s president, Brad Smith, said in the post that the company was working to notify the companies.
“Every organization [and] company should be concerned because they must assume their networks are breached and the adversary is monitoring and observing their actions,” Kiersten Todt, a former cybersecurity official in the Obama administration and managing director of the Cyber Readiness Institute, said.
“Companies will need to do clean-up similar to a hurricane,” she added. “It is going to be expensive and extensive — companies are going to have to identify what has been breached and what, if anything, remained stable.”
Comcast was also “conducting a thorough internal review” for identifying whether there were any signs of hacking in its system, the company said in a statement.
Internal review was also being conducted by Visa. “Security is paramount at Visa and we will continue to monitor the situation closely,” the company said in a statement.
(Adapted from CNN.com)